// Copyright 2012 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. // Weak pointers are pointers to an object that do not affect its lifetime, // and which may be invalidated (i.e. reset to nullptr) by the object, or its // owner, at any time, most commonly when the object is about to be deleted. // Weak pointers are useful when an object needs to be accessed safely by one // or more objects other than its owner, and those callers can cope with the // object vanishing and e.g. tasks posted to it being silently dropped. // Reference-counting such an object would complicate the ownership graph and // make it harder to reason about the object's lifetime. // EXAMPLE: // // class Controller { // public: // void SpawnWorker() { Worker::StartNew(weak_factory_.GetWeakPtr()); } // void WorkComplete(const Result& result) { ... } // private: // // Member variables should appear before the WeakPtrFactory, to ensure // // that any WeakPtrs to Controller are invalidated before its members // // variable's destructors are executed, rendering them invalid. // WeakPtrFactory weak_factory_{this}; // }; // // class Worker { // public: // static void StartNew(WeakPtr controller) { // // Move WeakPtr when possible to avoid atomic refcounting churn on its // // internal state. // Worker* worker = new Worker(std::move(controller)); // // Kick off asynchronous processing... // } // private: // Worker(WeakPtr controller) // : controller_(std::move(controller)) {} // void DidCompleteAsynchronousProcessing(const Result& result) { // if (controller_) // controller_->WorkComplete(result); // } // WeakPtr controller_; // }; // // With this implementation a caller may use SpawnWorker() to dispatch multiple // Workers and subsequently delete the Controller, without waiting for all // Workers to have completed. // ------------------------- IMPORTANT: Thread-safety ------------------------- // Weak pointers may be passed safely between sequences, but must always be // dereferenced and invalidated on the same SequencedTaskRunner otherwise // checking the pointer would be racey. // // To ensure correct use, the first time a WeakPtr issued by a WeakPtrFactory // is dereferenced, the factory and its WeakPtrs become bound to the calling // sequence or current SequencedWorkerPool token, and cannot be dereferenced or // invalidated on any other task runner. Bound WeakPtrs can still be handed // off to other task runners, e.g. to use to post tasks back to object on the // bound sequence. // // If all WeakPtr objects are destroyed or invalidated then the factory is // unbound from the SequencedTaskRunner/Thread. The WeakPtrFactory may then be // destroyed, or new WeakPtr objects may be used, from a different sequence. // // Thus, at least one WeakPtr object must exist and have been dereferenced on // the correct sequence to enforce that other WeakPtr objects will enforce they // are used on the desired sequence. #ifndef BASE_MEMORY_WEAK_PTR_H_ #define BASE_MEMORY_WEAK_PTR_H_ #include #include #include #include "base/base_export.h" #include "base/check.h" #include "base/compiler_specific.h" #include "base/dcheck_is_on.h" #include "base/memory/raw_ptr.h" #include "base/memory/ref_counted.h" #include "base/memory/safe_ref_traits.h" #include "base/sequence_checker.h" #include "base/synchronization/atomic_flag.h" namespace performance_manager { class FrameNodeImpl; class PageNodeImpl; class ProcessNodeImpl; class WorkerNodeImpl; } // namespace performance_manager namespace base { namespace sequence_manager::internal { class TaskQueueImpl; } template class SupportsWeakPtr; template class WeakPtr; namespace internal { // These classes are part of the WeakPtr implementation. // DO NOT USE THESE CLASSES DIRECTLY YOURSELF. class BASE_EXPORT TRIVIAL_ABI WeakReference { public: // Although Flag is bound to a specific SequencedTaskRunner, it may be // deleted from another via base::WeakPtr::~WeakPtr(). class BASE_EXPORT Flag : public RefCountedThreadSafe { public: Flag(); void Invalidate(); bool IsValid() const; bool MaybeValid() const; #if DCHECK_IS_ON() void DetachFromSequence(); void BindToCurrentSequence(); #endif private: friend class base::RefCountedThreadSafe; ~Flag(); SEQUENCE_CHECKER(sequence_checker_); AtomicFlag invalidated_; }; WeakReference(); explicit WeakReference(const scoped_refptr& flag); ~WeakReference(); WeakReference(const WeakReference& other); WeakReference& operator=(const WeakReference& other); WeakReference(WeakReference&& other) noexcept; WeakReference& operator=(WeakReference&& other) noexcept; void Reset(); // Returns whether the WeakReference is valid, meaning the WeakPtrFactory has // not invalidated the pointer. Unlike, RefIsMaybeValid(), this may only be // called from the same sequence as where the WeakPtr was created. bool IsValid() const; // Returns false if the WeakReference is confirmed to be invalid. This call is // safe to make from any thread, e.g. to optimize away unnecessary work, but // RefIsValid() must always be called, on the correct sequence, before // actually using the pointer. // // Warning: as with any object, this call is only thread-safe if the WeakPtr // instance isn't being re-assigned or reset() racily with this call. bool MaybeValid() const; private: scoped_refptr flag_; }; class BASE_EXPORT WeakReferenceOwner { public: WeakReferenceOwner(); ~WeakReferenceOwner(); WeakReference GetRef() const; bool HasRefs() const { return !flag_->HasOneRef(); } void Invalidate(); void BindToCurrentSequence(); private: scoped_refptr flag_; }; // This class provides a common implementation of common functions that would // otherwise get instantiated separately for each distinct instantiation of // SupportsWeakPtr<>. class SupportsWeakPtrBase { public: // A safe static downcast of a WeakPtr to WeakPtr. This // conversion will only compile if Derived singly inherits from // SupportsWeakPtr. See base::AsWeakPtr() below for a helper function // that makes calling this easier. // // Precondition: t != nullptr template static WeakPtr StaticAsWeakPtr(Derived* t) { static_assert(std::is_base_of_v, "AsWeakPtr argument must inherit from SupportsWeakPtr"); using Base = typename decltype(ExtractSinglyInheritedBase(t))::Base; // Ensure SupportsWeakPtr::AsWeakPtr() is called even if the subclass // hides or overloads it. WeakPtr weak = static_cast*>(t)->AsWeakPtr(); return WeakPtr(weak.CloneWeakReference(), static_cast(weak.ptr_)); } private: // This class can only be instantiated if the constructor argument inherits // from SupportsWeakPtr in exactly one way. template struct ExtractSinglyInheritedBase; template struct ExtractSinglyInheritedBase> { using Base = T; explicit ExtractSinglyInheritedBase(SupportsWeakPtr*); }; template ExtractSinglyInheritedBase(SupportsWeakPtr*) -> ExtractSinglyInheritedBase>; }; // Forward declaration from safe_ptr.h. template SafeRef MakeSafeRefFromWeakPtrInternals(internal::WeakReference&& ref, T* ptr); } // namespace internal template class WeakPtrFactory; // The WeakPtr class holds a weak reference to |T*|. // // This class is designed to be used like a normal pointer. You should always // null-test an object of this class before using it or invoking a method that // may result in the underlying object being destroyed. // // EXAMPLE: // // class Foo { ... }; // WeakPtr foo; // if (foo) // foo->method(); // template class TRIVIAL_ABI WeakPtr { public: WeakPtr() = default; // NOLINTNEXTLINE(google-explicit-constructor) WeakPtr(std::nullptr_t) {} // Allow conversion from U to T provided U "is a" T. Note that this // is separate from the (implicit) copy and move constructors. template requires(std::convertible_to) // NOLINTNEXTLINE(google-explicit-constructor) WeakPtr(const WeakPtr& other) : ref_(other.ref_), ptr_(other.ptr_) {} template requires(std::convertible_to) // NOLINTNEXTLINE(google-explicit-constructor) WeakPtr& operator=(const WeakPtr& other) { ref_ = other.ref_; ptr_ = other.ptr_; return *this; } template requires(std::convertible_to) // NOLINTNEXTLINE(google-explicit-constructor) WeakPtr(WeakPtr&& other) : ref_(std::move(other.ref_)), ptr_(std::move(other.ptr_)) {} template requires(std::convertible_to) // NOLINTNEXTLINE(google-explicit-constructor) WeakPtr& operator=(WeakPtr&& other) { ref_ = std::move(other.ref_); ptr_ = std::move(other.ptr_); return *this; } T* get() const { return ref_.IsValid() ? ptr_ : nullptr; } // Provide access to the underlying T as a reference. Will CHECK() if the T // pointee is no longer alive. T& operator*() const { CHECK(ref_.IsValid()); return *ptr_; } // Used to call methods on the underlying T. Will CHECK() if the T pointee is // no longer alive. T* operator->() const { CHECK(ref_.IsValid()); return ptr_; } // Allow conditionals to test validity, e.g. if (weak_ptr) {...}; explicit operator bool() const { return get() != nullptr; } // Resets the WeakPtr to hold nothing. // // The `get()` method will return `nullptr` thereafter, and `MaybeValid()` // will be `false`. void reset() { ref_.Reset(); ptr_ = nullptr; } // Do not use this method. Almost all callers should instead use operator // bool(). // // There are a few rare cases where the caller intentionally needs to check // validity of a base::WeakPtr on a sequence different from the bound sequence // as an unavoidable performance optimization. This is the only valid use-case // for this method. See // https://docs.google.com/document/d/1IGzq9Nx69GS_2iynGmPWo5sFAD2DcCyBY1zIvZwF7k8 // for details. // // Returns false if the WeakPtr is confirmed to be invalid. This call is safe // to make from any thread, e.g. to optimize away unnecessary work, but // RefIsValid() must always be called, on the correct sequence, before // actually using the pointer. // // Warning: as with any object, this call is only thread-safe if the WeakPtr // instance isn't being re-assigned or reset() racily with this call. bool MaybeValid() const { return ref_.MaybeValid(); } // Returns whether the object |this| points to has been invalidated. This can // be used to distinguish a WeakPtr to a destroyed object from one that has // been explicitly set to null. bool WasInvalidated() const { return ptr_ && !ref_.IsValid(); } private: friend class internal::SupportsWeakPtrBase; template friend class WeakPtr; friend class SupportsWeakPtr; friend class WeakPtrFactory; friend class WeakPtrFactory>; WeakPtr(internal::WeakReference&& ref, T* ptr) : ref_(std::move(ref)), ptr_(ptr) { DCHECK(ptr); } internal::WeakReference CloneWeakReference() const { return ref_; } internal::WeakReference ref_; // This pointer is only valid when ref_.is_valid() is true. Otherwise, its // value is undefined (as opposed to nullptr). The pointer is allowed to // dangle as we verify its liveness through `ref_` before allowing access to // the pointee. We don't use raw_ptr here to prevent WeakPtr from keeping // the memory allocation in quarantine, as it can't be accessed through the // WeakPtr. RAW_PTR_EXCLUSION T* ptr_ = nullptr; }; // Allow callers to compare WeakPtrs against nullptr to test validity. template bool operator!=(const WeakPtr& weak_ptr, std::nullptr_t) { return !(weak_ptr == nullptr); } template bool operator!=(std::nullptr_t, const WeakPtr& weak_ptr) { return weak_ptr != nullptr; } template bool operator==(const WeakPtr& weak_ptr, std::nullptr_t) { return weak_ptr.get() == nullptr; } template bool operator==(std::nullptr_t, const WeakPtr& weak_ptr) { return weak_ptr == nullptr; } namespace internal { class BASE_EXPORT WeakPtrFactoryBase { protected: WeakPtrFactoryBase(uintptr_t ptr); ~WeakPtrFactoryBase(); internal::WeakReferenceOwner weak_reference_owner_; uintptr_t ptr_; }; } // namespace internal namespace subtle { // Restricts access to WeakPtrFactory::BindToCurrentSequence() to authorized // callers. class BASE_EXPORT BindWeakPtrFactoryPassKey { private: // Avoid =default to disallow creation by uniform initialization. BindWeakPtrFactoryPassKey() {} friend class BindWeakPtrFactoryForTesting; friend class performance_manager::FrameNodeImpl; friend class performance_manager::PageNodeImpl; friend class performance_manager::ProcessNodeImpl; friend class performance_manager::WorkerNodeImpl; friend class sequence_manager::internal::TaskQueueImpl; }; } // namespace subtle // A class may be composed of a WeakPtrFactory and thereby // control how it exposes weak pointers to itself. This is helpful if you only // need weak pointers within the implementation of a class. This class is also // useful when working with primitive types. For example, you could have a // WeakPtrFactory that is used to pass around a weak reference to a bool. template class WeakPtrFactory : public internal::WeakPtrFactoryBase { public: WeakPtrFactory() = delete; explicit WeakPtrFactory(T* ptr) : WeakPtrFactoryBase(reinterpret_cast(ptr)) {} WeakPtrFactory(const WeakPtrFactory&) = delete; WeakPtrFactory& operator=(const WeakPtrFactory&) = delete; ~WeakPtrFactory() = default; WeakPtr GetWeakPtr() const { return WeakPtr(weak_reference_owner_.GetRef(), reinterpret_cast(ptr_)); } WeakPtr GetWeakPtr() requires(!std::is_const_v) { return WeakPtr(weak_reference_owner_.GetRef(), reinterpret_cast(ptr_)); } WeakPtr GetMutableWeakPtr() const requires(!std::is_const_v) { return WeakPtr(weak_reference_owner_.GetRef(), reinterpret_cast(ptr_)); } // Returns a smart pointer that is valid until the WeakPtrFactory is // invalidated. Unlike WeakPtr, this smart pointer cannot be null, and cannot // be checked to see if the WeakPtrFactory is invalidated. It's intended to // express that the pointer will not (intentionally) outlive the `T` object it // points to, and to crash safely in the case of a bug instead of causing a // use-after-free. This type provides an alternative to WeakPtr to prevent // use-after-free bugs without also introducing "fuzzy lifetimes" that can be // checked for at runtime. SafeRef GetSafeRef() const { return internal::MakeSafeRefFromWeakPtrInternals( weak_reference_owner_.GetRef(), reinterpret_cast(ptr_)); } // Call this method to invalidate all existing weak pointers. void InvalidateWeakPtrs() { DCHECK(ptr_); weak_reference_owner_.Invalidate(); } // Call this method to determine if any weak pointers exist. bool HasWeakPtrs() const { DCHECK(ptr_); return weak_reference_owner_.HasRefs(); } // Rebind the factory to the current sequence. This allows creating an object // and associated weak pointers on a different thread from the one they are // used on. void BindToCurrentSequence(subtle::BindWeakPtrFactoryPassKey) { weak_reference_owner_.BindToCurrentSequence(); } }; // A class may extend from SupportsWeakPtr to let others take weak pointers to // it. This avoids the class itself implementing boilerplate to dispense weak // pointers. However, since SupportsWeakPtr's destructor won't invalidate // weak pointers to the class until after the derived class' members have been // destroyed, its use can lead to subtle use-after-destroy issues. template class SupportsWeakPtr : public internal::SupportsWeakPtrBase { public: SupportsWeakPtr() = default; SupportsWeakPtr(const SupportsWeakPtr&) = delete; SupportsWeakPtr& operator=(const SupportsWeakPtr&) = delete; WeakPtr AsWeakPtr() { return WeakPtr(weak_reference_owner_.GetRef(), static_cast(this)); } protected: ~SupportsWeakPtr() = default; private: internal::WeakReferenceOwner weak_reference_owner_; }; // Helper function that uses type deduction to safely return a WeakPtr // when Derived doesn't directly extend SupportsWeakPtr, instead it // extends a Base that extends SupportsWeakPtr. // // EXAMPLE: // class Base : public base::SupportsWeakPtr {}; // class Derived : public Base {}; // // Derived derived; // base::WeakPtr ptr = base::AsWeakPtr(&derived); // // Note that the following doesn't work (invalid type conversion) since // Derived::AsWeakPtr() is WeakPtr SupportsWeakPtr::AsWeakPtr(), // and there's no way to safely cast WeakPtr to WeakPtr at // the caller. // // base::WeakPtr ptr = derived.AsWeakPtr(); // Fails. template WeakPtr AsWeakPtr(Derived* t) { return internal::SupportsWeakPtrBase::StaticAsWeakPtr(t); } } // namespace base #endif // BASE_MEMORY_WEAK_PTR_H_